IN THE CLAIMS: 

In accordance with the Revised Rules under 37 C.F.R. 1.121, please amend the claims as 
shown below. The claims shown below may be indicated as original, currently amended, previously 
amended, cancelled, previously cancelled, withdrawn, previously withdrawn, new, previously added, 
reinstated, previously reinstated, re-presented and/or allowed. In accordance with the Rules, the text 
of cancelled or withdrawn claims need not be presented. 
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1 . (As previously amended) A process for protecting a computer from hostile 
code, comprising the steps of: 

defining at least two trust groups; 



assigning objects and processes in the computer to one of said trust groups, 

irrespective of the rights of a user of said computer; 
upon operation of a process over an object or over a second process, comparing a trust group of 
the process with a trust group of the object or with the trust group of the second process, and 
allowing the operation according to the results of said comparing step. 

2. (original) The process of claim 1 wherein a process is assigned upon creation to the 
trust group assigned to the passive code starting from which the process is created. 

3. (original) The process of claim 1 further comprising the step of changing the trust 
group of said process after said operation. 

4. (original) The process of claim 1 further comprising the step of changing the trust 
group of said object or of said second process after said operation. 

5. (original) The process of claim 1 further comprising, upon creation of an object by a 
process, the step of assigning said created object to the trust group of said process. 

6. (original) The process of claim 1 further comprising, when said operation is allowed, 
the step of assigning said process to the trust group of said object or of said second process. 

7. (original) The process of claim 1 wherein said trust groups are hierarchically 
ordered, and wherein the step of allowing further comprises: 




allowing said operation when the trust group of said process is higher or equal in said 
hierarchy than the trust group of said object or of said second process; and 

denying said operation when the trust group of said process is lower in said hierarchy than 
the trust group of said object or of said second process. 

8. (original) The process of claim 7 further comprising the step of assigning said 
process to the trust group of said object or of said second process after the operation is allowed. 

9. (original) The process of claim 1 further comprising: 
defining at least two types of objects; 

assigning objects to one of said types; and 

wherein the step of allowing operation over an object is further carried out according to 
the type of said object. 

10. (amended) The process of claim 1 further comprising: 
defining at least two types of processes; 

assigning processes to one of said types, and 
and wherein the step of allowing operation of a process is further carried out according to the 
type of said process. 

11. (original) The process of claim 1, further comprising: 
defining at least two types of operations; and 

wherein the step of allowing operation of a process over an object or over a second 
process is further carried out according to the type of said operation. 

12. (original) The process of claim 1, further comprising: 
defining at least two types of storage methods, 
assigning a trust group to a type of storage methods; and 

carrying out a storage operation for a process of a trust group according to the storage 
method assigned to the trust group of said process. 

1 3 . (original) A computer comprising: 
objects and processes; 

a table of at least two trust groups, and objects and processes in the computer being 
assigned to one of said trust groups irrespective of the rights of a user of said computer; and 
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a controller configured to access said table and allow an operation of a process over an 
object or over a second process according to the results of a comparison of the trust group of said 
process and the trust group of said object or the trust group of said second process. 

14. (original) The computer of claim 13 further comprising: 

a table of types of at least two types of objects, the objects in the computer being assigned one 
type; 

and wherein the controller accesses said table for allowing said operation. 

15. (original) The computer of claim 13, wherein said table of trust groups is stored in a 
non- volatile memory. 

16. (original) The computer of claim 13, wherein said table of types is stored in a non- 
volatile memory. 

17. (original) The computer of claim 13, further comprising a table of rules, and wherein 
said controller accesses said table of rules. 

18. (original) The computer of claim 13, wherein said table of rules is stored in a non- 
volatile memory. 

19. (original) The computer of claim 13, wherein the computer is operatively coupled to 
a network, the network including a server, the table of trust groups stored in said server. 

20. (original) A computer according to claim 19, wherein said table of types is stored in 
said server. 

21. (original) A computer according to claim 19, wherein said table of rules is stored in 



